IAM

Question 1

What does a user represent?

What is a group?

What can groups contain?

What is the relationship between users and groups

How do you assign permissions to users or groups?

Answer 1

One user within your organization?

A group of users

Groups can only contain users, not other groups

Users can belong to 0, 1 or Many groups

Permissions are assigned to users or groups via a policy. A policy is a JSON document describing the permissions

Question 2

Describe the structure of an IAM Policy?

What does a principal apply to?

Answer 2

Version, ID, Statements
Statement:
Sid, Effect, Principal, Action, Resource, Condition

Users, groups or roles

Question 3

What is an IAM Role?

What are some common roles?

Answer 3

Some AWS services will need to perform actions on your behalf. To do so, we will assign permissions to AWS services with IAM Roles

EC2 Instance roles, Lambda Function Roles, Roles for CloudFormation

Question 4

What is IAM Credentials Report?

What is IAM Access Advisor?

Answer 4

An account level report that list all your accounts users and the status of their various credentials. You can see info on whether a passworod is enabled, when it needs to be rotated, if they have generated keys. ETC

Access advisor show the service permissions granted to a user and when those services where last accessed

Question 5

What are the tools you can use to generate IAM policies?

How can you test your access on some service?

How can you resolve meta-data about your EC2 instance?

Answer 5

Visual Editor & Policy Generator

Using the IAM Policy Simulator

By calling the metadata url from your instance. (169.254.169.254/latest/metadata)

Question 6

What when do you use the SDK?

What happens if you don’t configure a default region in your SDK config?

Answer 6

When you want to access an AWS service from within your application code?

us-east-1 will be chosen by default